Cross-Site Scripting Vulnerability in Photocrati NextGEN Gallery Plugin for WordPress
CVE-2015-9229

4.8MEDIUM

Key Information:

Vendor: Wordpress
Status: Nextgen Gallery
Vendor: CVE Published:; 12 September 2017

Summary

The Photocrati NextGEN Gallery plugin version 2.1.15 for WordPress contains a Cross-Site Scripting (XSS) vulnerability in the nggallery-manage-gallery page. This security flaw allows remote authenticated administrators to inject arbitrary web scripts via the 'images[1][alttext]' parameter, potentially compromising the integrity of the website. It's crucial for users of this plugin to address this vulnerability to mitigate possible attacks.

References

https://github.com/cybersecurityworks/Disclosed/issues/5

x_refsource_MISC

https://cybersecurityworks.com/zerodays/cve-2015-9229-nex...

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 12, 2017
Vulnerability Reserved
Sep 12, 2017